Date: Fri, 27 Sep 2019 13:53:10 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: mathias.payer@...elwelt.net, benquike@...il.com
Subject: Re: Linux kernel: multiple vulnerabilities in the USB
 subsystem x2

On 2019-09-27 19:01:48, Andrey Konovalov wrote:
> On Fri, Sep 27, 2019 at 6:51 PM Tyler Hicks <tyhicks@...onical.com> wrote:
> >
> > On 2019-08-20 20:20:34, Andrey Konovalov wrote:
> > > * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15290
> > >
> > > An issue was discovered in the Linux kernel through 5.2.9. There is a
> > > NULL pointer dereference caused by a malicious USB device in the
> > > ath6kl_usb_alloc_urb_from_pipe function in the
> > > drivers/net/wireless/ath/ath6kl/usb.c driver.
> >
> > This seems like it might be a duplicate of CVE-2019-15098. The fix for
> > CVE-2019-15098 was recently merged upstream:
> >
> >  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39d170b3cb62ba98567f5c4f40c27b5864b304e5
> >
> > If you agree, could you request that MITRE mark CVE-2019-15290 as a
> > duplicate of CVE-2019-15098?
> 
> Oh, nice, Mathias and Hui found it as well and fixed it! =)
> 
> Yes, these two CVEs are for the same issue, feel free to mark them as such.

I've requested that MITRE mark CVE-2019-15290 as a dupe of
CVE-2019-15098. Thanks!

Tyler
